Monthly archive: July 2004

Verify file integrity and find compromised files

Use Tripwire to alert you to compromised files or to verify file integrity in the event of a compromise. One tool that can help you detect intrusions on a host and also ascertain what happened after the fact is Tripwire (http://sourceforge.net/projects/tripwire). …

Posted in Knowledge Base, Linux, Old Base

Forensics: Create an image of the entire hard disk

Make a bit-for-bit copy of your system’s disk for forensic analysis. Before you format and reinstall the operating system on a recently compromised machine, you should take the time to make duplicates of all the data stored on the system. …

Posted in Knowledge Base, Linux, Old Base

Record honeypot activity

Keep track of everything that happens on your honeypot. Once an attacker has fallen prey to your honeypot and gained access to it, it is critical that you monitor all activity on that machine. By monitoring every tiny bit of …

Posted in Knowledge Base, Networking, Old Base, Security

Using honeyd

Use honeyd to fool would-be attackers into chasing ghosts. As the saying goes, you will attract more flies with honey than with vinegar. (I’ve never understood that saying; who wants to attract flies, anyway?) A honeypot is used to attract …

Posted in Knowledge Base, Networking, Old Base

Apache IDS

Protect your web server and dynamic content from intrusions. Detecting intrusions that utilize common protocols and services is a job that a network intrusion detection system is well suited for. However, due to the complexity of web applications and the …

Posted in Apache, Knowledge Base, Networking, Old Base

Optimizing Snort for high performance / database output

Decouple Snort’s output stage so it can keep pace with the packets. Snort by itself is fine for monitoring small networks or networks with low amounts of traffic, but it does not scale very well without some additional help. The …

Posted in Knowledge Base, Linux, Networking, Old Base

Stealthing the sensors

Keep your IDS sensors safe from attack while still giving yourself access to their data. Your IDS sensors are the early warning system that can both alert you to an attack and provide needed evidence for investigating a break-in after …

Posted in Knowledge Base, Linux, Networking, Old Base

Automated Snort rule updating

Keep your Snort rules up to date with Oinkmaster. If you have only a handful of IDS sensors, keeping your Snort rules up to date is a fairly quick and easy process. However, as the number of sensors grows, it can become more difficult. …

Posted in Knowledge Base, Linux, Old Base

IDS that detects abnormal behaviour automatically

Detect attacks and intrusions by monitoring your network for abnormal traffic, regardless of the actual content. Most NIDS monitor the network for specific attack signatures and trigger alerts when one is spotted on the network. Another means of detecting …

Posted in Knowledge Base, Networking, Old Base

Dynamic firewall with SnortSam

Use SnortSam to prevent intrusions by putting dynamic firewall rules in place to stop in-progress attacks. An alternative to running Snort on your firewall and having it activate filtering rules on the machine it’s running on [Hack #87] is to …

Posted in Knowledge Base, Linux, Networking, Old Base